Mercurial Hosting > luan
changeset 1632:0344a535b1db
add doc
author | fffilimonov |
---|---|
date | Tue, 14 Dec 2021 07:41:01 +0000 |
parents | 35c626c06dd5 |
children | 665049cffc02 |
files | host/addStartupScripts.sh host/addStartupScriptsPostgres.sh host/doc/autostart.txt host/doc/backup.txt host/doc/install.txt host/https.luan host/removeStartupScripts.sh host/renewSsl.sh host/startup/macos/limit.maxfiles.plist host/startup/macos/limit.maxproc.plist host/startup/macos/renewSsl.plist host/startup/macos/startLuanhost.plist host/startup/macos/startLuanhost.sh host/startup/nginx/mime.types host/startup/nginx/nginx.conf.luan host/startup/nginx/nginx.default.conf.luan host/startup/nginx/nginx.ssl.conf.luan host/startup/postgres/macos/luanhost.postgresql.plist host/startupScripts.sh host/update.sh |
diffstat | 20 files changed, 433 insertions(+), 28 deletions(-) [+] |
line wrap: on
line diff
diff -r 35c626c06dd5 -r 0344a535b1db host/addStartupScripts.sh --- a/host/addStartupScripts.sh Mon Dec 13 09:14:52 2021 +0000 +++ b/host/addStartupScripts.sh Tue Dec 14 07:41:01 2021 +0000 @@ -3,9 +3,6 @@ . startupScripts.sh; mkdir -p $localStartup 2>/dev/null; -mkdir -p $localStartup/postgres 2>/dev/null; - -cleanUp; cd $startup; for file in *.plist; do @@ -16,19 +13,6 @@ s~ROOT~${ROOTPWD}~g" $file > ${localStartup}/${file}; done; -cp postgres/postgresql.conf ${localStartup}/postgres/postgresql.conf; -mv /usr/local/var/postgresql@9.5/postgresql.conf /usr/local/var/postgresql@9.5/postgresql.conf.bak; -ln -sf ${localStartup}/postgres/postgresql.conf /usr/local/var/postgresql@9.5/postgresql.conf; - -sed "s/SLAVE_IP/${SLAVE_IP}/g" postgres/pg_hba.conf > ${localStartup}/postgres/pg_hba.conf; -mv /usr/local/var/postgresql@9.5/pg_hba.conf /usr/local/var/postgresql@9.5/pg_hba.conf.bak; -ln -sf ${localStartup}/postgres/pg_hba.conf /usr/local/var/postgresql@9.5/pg_hba.conf; - -cd $localStartup; -for file in *.plist; do - sudo ln -sf ${localStartup}/${file} ${systemStarup}/${file}; - sudo chown root:wheel ${localStartup}/${file}; -done; - +addStartup; cd $ROOTPWD;
diff -r 35c626c06dd5 -r 0344a535b1db host/addStartupScriptsPostgres.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/addStartupScriptsPostgres.sh Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,29 @@ +#!/bin/bash + +SLAVE_IP=$1; + +mkdir -p $localStartup/postgres 2>/dev/null; +. startupScripts.sh; + +cd $startupPostgres; +for file in *.plist; do + log=${ROOTPWD}"/logs/startup.${file}.log"; + sed "s~PWD~${startup}~g;\ + s~LOG~${log}~g;\ + s~USER~${user}~g;\ + s~ROOT~${ROOTPWD}~g" $file > ${localStartup}/${file}; +done; + +cd ../; + +cp postgres/postgresql.conf ${localStartup}/postgres/postgresql.conf; +mv /usr/local/var/postgresql@9.5/postgresql.conf /usr/local/var/postgresql@9.5/postgresql.conf.bak; +ln -sf ${localStartup}/postgres/postgresql.conf /usr/local/var/postgresql@9.5/postgresql.conf; + +sed "s/SLAVE_IP/${SLAVE_IP}/g" postgres/pg_hba.conf > ${localStartup}/postgres/pg_hba.conf; +mv /usr/local/var/postgresql@9.5/pg_hba.conf /usr/local/var/postgresql@9.5/pg_hba.conf.bak; +ln -sf ${localStartup}/postgres/pg_hba.conf /usr/local/var/postgresql@9.5/pg_hba.conf; + +addStartup; + +cd $ROOTPWD;
diff -r 35c626c06dd5 -r 0344a535b1db host/doc/autostart.txt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/doc/autostart.txt Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,14 @@ +Autostart macOS: + +1) Disable Mac OS SIP + https://developer.apple.com/library/content/documentation/Security/Conceptual/System_Integrity_Protection_Guide/ConfiguringSystemIntegrityProtection/ConfiguringSystemIntegrityProtection.html + Ask hosting support. + +2) Disable buit-in firewall + sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.pfctl.plist + +3) Add plists (need sudo password) + ./addStartupScripts.sh + +If you need to remove plists use + ./removeStartupScripts.sh
diff -r 35c626c06dd5 -r 0344a535b1db host/doc/backup.txt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/doc/backup.txt Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,17 @@ +s1.luan.software - master db +test.luan.software - slave db + +install: + +brew tap caskroom/versions +brew install postgresql@9.5 + +./addStartupScriptsPostgres.sh + +create replica + +1) mkdir /Users/administrator/replica/s1 (must be empty) + +2) pg_basebackup -h s1.luan.software -D /Users/administrator/replica/s1 -R -P -U administrator --xlog-method=stream + +replace configs with files *.slave from startup/postgres
diff -r 35c626c06dd5 -r 0344a535b1db host/doc/install.txt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/doc/install.txt Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,41 @@ +Install on local machine: + +1) install mercurial + brew install hg + +2) install java + brew tap caskroom/versions + brew install caskroom/cask/java8 + +3) clone repo + hg clone https://hg.luan.software/luan + +4) Install nginx + brew tap denji/nginx + brew install nginx-full + +5) Make sudo nginx without password + add string to /etc/sudoers + %admin ALL=(ALL) NOPASSWD: /usr/local/bin/nginx + +6) compile + ./update.sh + +7) open in browser http://me.luan.software:8080 + +Install on production/test machine: +1 - 6 same + +7) Add startup (macOS) + look at autostart.txt + +8) Configure ssh for working monitoring and backups (example for s1) + create ssh key: ssh-keygen -t rsa -b 4096 -C "administrator@s1.luan.software" (for s1) + add ssh key at test.luan.software: edit file /Users/administrator/.ssh/authorized_keys + +9) Reboot the machine + sudo reboot + +10) Fix PS1 (for s1 example) + echo "PS1='lh-s1:\W\$ '" >> ~/.bash_profile +
diff -r 35c626c06dd5 -r 0344a535b1db host/https.luan --- a/host/https.luan Mon Dec 13 09:14:52 2021 +0000 +++ b/host/https.luan Tue Dec 14 07:41:01 2021 +0000 @@ -137,7 +137,7 @@ end if key_file.exists() and local_cer_file.exists() then changed = true - local conf = load_file "file:startup/nginx.ssl.conf.luan" + local conf = load_file "file:startup/nginx/nginx.ssl.conf.luan" local nginx = output_of( function() conf(top_dir,domain) end ) nginx_file.write(nginx) end
diff -r 35c626c06dd5 -r 0344a535b1db host/removeStartupScripts.sh --- a/host/removeStartupScripts.sh Mon Dec 13 09:14:52 2021 +0000 +++ b/host/removeStartupScripts.sh Tue Dec 14 07:41:01 2021 +0000 @@ -6,6 +6,5 @@ for file in *.plist; do sudo rm ${systemStarup}/${file}; + rm $file; done; - -cleanUp; \ No newline at end of file
diff -r 35c626c06dd5 -r 0344a535b1db host/renewSsl.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/renewSsl.sh Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +cd "$1"; + +ROOTPWD=$(pwd); + +./acme.sh --renew-all --cert-home "$ROOTPWD"/sites --config-home "$ROOTPWD"/local/letsencrypt/config; + +sudo $(which nginx) -s reload;
diff -r 35c626c06dd5 -r 0344a535b1db host/startup/macos/limit.maxfiles.plist --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/startup/macos/limit.maxfiles.plist Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>Label</key> + <string>limit.maxfiles</string> + <key>ProgramArguments</key> + <array> + <string>launchctl</string> + <string>limit</string> + <string>maxfiles</string> + <string>65536</string> + <string>65536</string> + </array> + <key>RunAtLoad</key> + <true/> + <key>ServiceIPC</key> + <false/> + </dict> +</plist>
diff -r 35c626c06dd5 -r 0344a535b1db host/startup/macos/limit.maxproc.plist --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/startup/macos/limit.maxproc.plist Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>Label</key> + <string>limit.maxproc</string> + <key>ProgramArguments</key> + <array> + <string>launchctl</string> + <string>limit</string> + <string>maxproc</string> + <string>2048</string> + <string>2048</string> + </array> + <key>RunAtLoad</key> + <true /> + <key>ServiceIPC</key> + <false /> + </dict> +</plist>
diff -r 35c626c06dd5 -r 0344a535b1db host/startup/macos/renewSsl.plist --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/startup/macos/renewSsl.plist Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,32 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>Label</key> + <string>com.luanhost.renewSsl</string> + <key>ProgramArguments</key> + <array> + <string>ROOT/renewSsl.sh</string> + <string>ROOT</string> + </array> + <key>StartCalendarInterval</key> + <array> + <dict> + <key>Hour</key> + <integer>00</integer> + <key>Minute</key> + <integer>00</integer> + </dict> + </array> + <key>AbandonProcessGroup</key> + <true/> + <key>UserName</key> + <string>USER</string> + <key>StandardErrorPath</key> + <string>LOG</string> + <key>StandardOutPath</key> + <string>LOG</string> + <key>RunAtLoad</key><false/> + <key>KeepAlive</key><false/> + </dict> +</plist>
diff -r 35c626c06dd5 -r 0344a535b1db host/startup/macos/startLuanhost.plist --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/startup/macos/startLuanhost.plist Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple Computer/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>Label</key> + <string>com.luanhost.startLuanhost</string> + <key>ProgramArguments</key> + <array> + <string>PWD/startLuanhost.sh</string> + <string>ROOT</string> + </array> + <key>UserName</key> + <string>USER</string> + <key>RunAtLoad</key> + <true/> + <key>StandardErrorPath</key> + <string>LOG</string> + <key>StandardOutPath</key> + <string>LOG</string> + </dict> +</plist>
diff -r 35c626c06dd5 -r 0344a535b1db host/startup/macos/startLuanhost.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/startup/macos/startLuanhost.sh Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,10 @@ +#!/bin/bash + +set -eu + +cd "$1"; + +#can't determine if network is available at startup +sleep 60; + +./start.sh "launchd";
diff -r 35c626c06dd5 -r 0344a535b1db host/startup/nginx/mime.types --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/startup/nginx/mime.types Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,95 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt luan log; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + application/font-woff woff; + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +}
diff -r 35c626c06dd5 -r 0344a535b1db host/startup/nginx/nginx.conf.luan --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/startup/nginx/nginx.conf.luan Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,30 @@ +local rootDir, user, group = ... + +%> +worker_processes 4; +user <%=user%> <%=group%>; + +events { + worker_connections 4096; +} + +http { + include mime.types; + default_type application/octet-stream; + sendfile on; + keepalive_timeout 65; + + proxy_cache_path <%=rootDir%>/local/nginx_cache levels=1:2 keys_zone=nginx_cache:60m max_size=10g inactive=60m use_temp_path=off; + + upstream luan { + server 127.0.0.1:8080; + } + + server { + listen 80 default_server; + include nginx.default.conf; + } + + include <%=rootDir%>/sites/*/nginx.ssl.conf; +} +<%
diff -r 35c626c06dd5 -r 0344a535b1db host/startup/nginx/nginx.default.conf.luan --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/startup/nginx/nginx.default.conf.luan Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,31 @@ +local rootDir, leKey = ... + +%> + client_max_body_size 32m; + + proxy_http_version 1.1; + proxy_set_header Host $http_host; + error_log <%=rootDir%>/logs/nginx_error.log; + + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + charset utf-8; + + location ~ "^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$" { + default_type text/plain; + return 200 "$1.<%=leKey%>"; + } + + location ~ /(?<path>.*) { + proxy_cache_key $scheme$host$request_uri; + proxy_cache nginx_cache; + proxy_cache_revalidate on; + proxy_cache_min_uses 1; + proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; + proxy_cache_background_update on; + proxy_cache_lock on; + add_header X-Cache-Status $upstream_cache_status; + proxy_pass http://luan; + } +<%
diff -r 35c626c06dd5 -r 0344a535b1db host/startup/nginx/nginx.ssl.conf.luan --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/startup/nginx/nginx.ssl.conf.luan Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,22 @@ +local rootDir, domain = ... + +%> + server { + server_name <%=domain%>; + listen 80; + return 301 https://$http_host$request_uri; + } + + server { + server_name <%=domain%>; + listen 443 ssl; + + if ($host != $server_name) { + return 301 http://$http_host$request_uri; + } + + ssl_certificate <%=rootDir%>/sites/<%=domain%>/fullchain.cer; + ssl_certificate_key <%=rootDir%>/sites/<%=domain%>/<%=domain%>.key; + include <%=rootDir%>/local/nginx.default.conf; + } +<%
diff -r 35c626c06dd5 -r 0344a535b1db host/startup/postgres/macos/luanhost.postgresql.plist --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/host/startup/postgres/macos/luanhost.postgresql.plist Tue Dec 14 07:41:01 2021 +0000 @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> + <dict> + <key>KeepAlive</key> + <true/> + <key>Label</key> + <string>luanhost.postgresql</string> + <key>ProgramArguments</key> + <array> + <string>/usr/local/opt/postgresql@9.5/bin/postgres</string> + <string>-D</string> + <string>/usr/local/var/postgresql@9.5</string> + </array> + <key>RunAtLoad</key> + <true/> + <key>WorkingDirectory</key> + <string>/usr/local</string> + <key>UserName</key> + <string>USER</string> + <key>StandardErrorPath</key> + <string>LOG</string> + <key>StandardOutPath</key> + <string>LOG</string> + </dict> +</plist> \ No newline at end of file
diff -r 35c626c06dd5 -r 0344a535b1db host/startupScripts.sh --- a/host/startupScripts.sh Mon Dec 13 09:14:52 2021 +0000 +++ b/host/startupScripts.sh Tue Dec 14 07:41:01 2021 +0000 @@ -5,10 +5,13 @@ systemStarup='/Library/LaunchDaemons'; localStartup=${ROOTPWD}'/local/startup'; -startup=${ROOTPWD}'/startup'; - -SLAVE_IP=$(dig +short "test.luan.software"); +startup=${ROOTPWD}'/startup/macos'; +startupPostgres=${ROOTPWD}'/startup/postgres/macos'; -function cleanUp() { - find $localStartup -type f \( -name "*.plist" \) -delete; +function addStartup() { + cd $localStartup; + for file in *.plist; do + sudo ln -sf ${localStartup}/${file} ${systemStarup}/${file}; + sudo chown root:wheel ${localStartup}/${file}; + done; }
diff -r 35c626c06dd5 -r 0344a535b1db host/update.sh --- a/host/update.sh Mon Dec 13 09:14:52 2021 +0000 +++ b/host/update.sh Tue Dec 14 07:41:01 2021 +0000 @@ -19,9 +19,9 @@ ./acme.sh --register-account --cert-home ./sites --config-home local/letsencrypt/config 2>&1 | grep 'ACCOUNT_THUMBPRINT' | awk -F "'" '{print $2}' > local/leKey.txt; fi; -cp startup/mime.types local/mime.types; -luan startup/nginx.conf.luan $(pwd) $(whoami) $(id -gn) > local/nginx.conf -luan startup/nginx.default.conf.luan $(pwd) $(cat local/leKey.txt) > local/nginx.default.conf +cp startup/nginx/mime.types local/mime.types; +luan startup/nginx/nginx.conf.luan $(pwd) $(whoami) $(id -gn) > local/nginx.conf +luan startup/nginx/nginx.default.conf.luan $(pwd) $(cat local/leKey.txt) > local/nginx.default.conf echo Starting... ./start.sh